CVE-2014-0745
Summary
| CVE | CVE-2014-0745 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-02-27 01:55:03 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. |
Risk And Classification
Primary CVSS: v2.0 6.8 from [email protected]
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.001160000 probability, percentile 0.297730000 (date 2026-05-05)
Problem Types: CWE-352 | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Unified Contact Center Express Editor Software | - | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745 | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Vendor Advisory |
| Cisco Unified Contact Center Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.